- From: David Singer <singer@apple.com>
- Date: Wed, 21 Sep 2016 18:00:52 +0100
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-id: <FE588217-4C35-4A75-A825-35DF901D5818@apple.com>
Hi at the face-to-face in Lisbon we talked about exploring ‘incognito’ or private-browsing mode, its problems, misperceptions, and what might be the possibilities for standardization, and to end up with a discussion paper. I promised to kick off the discussion. This is the kick-off, so discuss away; add what I missed, disagree with me, and so on! Mark Nottingham has a write-up of PBM at https://gist.github.com/mnot/96440a5ca74fcf328d23 <https://gist.github.com/mnot/96440a5ca74fcf328d23>. There is also a wealth of research on what users think. 1) Non-uniformity of approach. The various browsers use different names for this, and more importantly, they differ slightly in what’s done. 1.1) While this enables differentiation, to what extent does this lead to user confusion? 2) Many users believe that this mode provides enhanced protection from network snooping, or from server recording and tracking. Actually, servers are unaware, and most or all browsers don’t insist on HTTPS — and even if they did, the network can obviously see what sites are being visited (as they have to help deliver the packets). We probably don’t want to move to full-on TOR. 2.1) To what extent could or should we enable servers to know “heh, I am trying to be private here!”? Note that we’ve informally discussed this before (e.g. at last year’s TPAC). What are the positive use-cases and what are the major concerns with this? 2.2) If we were to recommend some uniformity of behavior (see 1.1), should that include recommending https-only? 2.3) Sometimes in this mode the browser tries to reduce its fingerprint surface. Should this be part of the recommendation? 2.4) Should we recommend deeper-level fingerprint protection e.g. changing the IP address, if possible? 3) Some sites know that they might be sensitive; orthogonally to the possible user->server signal, should a server be able to suggest “you probably want to be in the incog mode when browsing here”? Would it help at all if one had to visit the site anyway, to learn this? 4) This mode mixes several concepts; should we disentangle them? David Singer Manager, Software Standards, Apple Inc.
Received on Wednesday, 21 September 2016 17:01:30 UTC